...I had the solution right under my eyes and had not seen it:
* user=foo lrw
Public user=bar lrwstipekxa
Public/* user=bar lrwstipekxa
It was enough (in my case) to add the initial "*" wildcard, like this:
* user=i...@mydomain.com lrwsi
where the "*" wildcard means all groups.
I have verified it, and so the configuration is perfect: the user cannot
delete their own messages.
The fact remains that on the Dovecot ACL wiki these steps, in the case
of virtual users, are not clear, at least in my opinion. :-)
I hope at least that my experience can be of assistance to other users.
Many many thanks!
Davide
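
A way to check lines like the ones above for message-deletion rights, as an added example that is not part of the original post: it decodes the rights string on each global ACL line and reports whether `t` (write-deleted) or `e` (expunge) is granted. The function names and the `alice@example.test` address are assumptions made for illustration, and the code only decodes each line; it does not work out which line Dovecot applies to a given mailbox.

```python
import shlex

# Dovecot ACL right letters and their names.
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
# A user removes a message by setting \Deleted (t) and expunging (e).
MESSAGE_DELETE = {"t", "e"}


def parse_global_acl(text):
    """Parse global ACL lines of the form: <pattern> <identifier> <rights>."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = shlex.split(raw)  # a pattern containing spaces may be quoted
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected pattern, identifier, rights")
        pattern, identifier, rights = fields[:3]
        unknown = sorted(set(rights) - set(RIGHTS))
        if unknown:
            raise ValueError(f"line {lineno}: unknown right letters {unknown}")
        entries.append({"line": lineno, "pattern": pattern,
                        "identifier": identifier, "rights": rights})
    return entries


def audit_message_delete(text):
    """Return (line, identifier, delete-related letters granted) per entry."""
    return [(e["line"], e["identifier"], sorted(MESSAGE_DELETE & set(e["rights"])))
            for e in parse_global_acl(text)]


# First three lines are from the post; the last uses a constructed address.
SAMPLE = """\
* user=foo lrw
Public user=bar lrwstipekxa
Public/* user=bar lrwstipekxa
* user=alice@example.test lrwsi
"""

if __name__ == "__main__":
    for line, ident, granted in audit_message_delete(SAMPLE):
        verdict = "can delete messages" if granted else "cannot delete messages"
        print(f"line {line}: {ident}: {verdict} {granted}")
```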